[dns-operations] looking for suggestion: ML for DNS anti-dos

Warren Kumari warren at kumari.net
Thu Apr 2 14:39:41 UTC 2020

On Thu, Apr 2, 2020 at 9:38 AM Tessa Plum <tessa at plum.ovh> wrote:
> Hello
> I am not familiar with DNS servers, and am trying hard to learn about them.
> I am a researcher in the ML/DL field.
> I just had a thought: do you think it's possible to improve DNS
> anti-dos capability with deep learning?
> As we know, ML/DL is just statistical science based on big data.
> If we have huge data to differentiate which are normal requests and which
> are bad requests, then we could train the system to identify them
> automatically. And we expect to have a system that can handle zero-day
> attacks.
> What do you think of it?

I'm assuming you have already read:
"DNS-ADVP: A Machine Learning Anomaly Detection and Visual Platform to
Protect Top-Level Domain Name Servers Against DDoS Attacks," L. A.
Trejo, V. Ferman, M. A. Medina-Pérez, F. M. Arredondo Giacinti, R.
Monroy and J. E. Ramirez-Marquez, in IEEE Access, vol. 7, pp.
116358-116369, 2019 -

"Mitigating DNS query-based DDoS attacks with machine learning on
software-defined networking," M. E. Ahmed, H. Kim and M. Park, MILCOM
2017 - 2017 IEEE Military Communications Conference (MILCOM),
Baltimore, MD, 2017, pp. 11-16. -

Detection of DDoS DNS Amplification Attack Using Classification
Algorithm - Meitei, Singh, De -

Machine Learning Based DDoS Attack Detection From Source Side in Cloud
- Zecheng He, Tianwei Zhang, Ruby B. Lee - Princeton -

(roughly in that order)? There are many others, and a bunch of really
excellent presentations more on the registration side, but those have
good overlap with what you were asking...
One thing to keep in mind is that DNS traffic is a VERY noisy data
source, and corrupt / pathologic queries are incredibly common.


> Thank you.
> Tessa
> https://plum.ovh/

I don't think the execution is relevant when it was obviously a bad
idea in the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair
of pants.
